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Abstract of JP2003255831 
PROBLEM TO BE SOLVED: To provide an 
elliptic curve scalar multiple calculating method 
capable of preventing a side channel attack 
and a fault attack. 

SOLUTION: In this scalar multiple calculating 
method for calculating a scalar multiple point 
from a scalar value and a point on an elliptic 
curve/a side channel attack is prevented by 
randomizing a given point and performing an 
elliptic curve calculation independent of a bit 
value in each bit of the scalar value. As for a 
fault attack, the fault attack is prevented by 
restoring the Y coordinate of the scalar 
multiple point and determining whether the 
scalar multiple point satisfies a definitional 
equation. 
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H» W»R ftllLkOjfca* c, * * 

^fc^Sr^v^-Mfcu ^^7- floe- ;y hr^ictr 
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2 0 0 2 — 2 5 Z 



Htnsx^^— fico-r^roe-.y M-o^-c?!iriEM3<z>* 
mmm 3^fy -^imse* 4 <d*t y ^&mrfi~z> 

tfy Hi^oV^^iem3<7)^^ ; /^T^MlEm4(^^7 i 
y 7*9&rr 5 - <b SrWR^rsai^ l IE«o^* 7 

[»*l4l mJfetffR it^y^ Ul!41IRifili8& 

«$nfc«nft««rfflv^ w k zftmk-fzm&m 1 ta 

[sif*l7] SWEI»Rftil»iUrO.EF±lC^ai$ixfc 
WRft»«^fflv^6Ci:^^«p*^:^3S*3®llE«©^* 



1] «Rttj»rtP#Jc:io«t-5fflR*j»(cov>'C 

* # 7 — um* r ft ^-ho & tm. 

*ni£irz>m 1 <&«yg^a* , 

ks 

k-fzx*7*-teftnmwL 

m^mi 2] mzmwtiim^mn^ mu^^Mi 
^M^^mm^tiitmkms^^&m±(D^9>y 
j-<t^?icmmztitzmk<Dmnznfti-zmm^&& 
'StfZk&ftWLk'fzttiJ&mi lmmvxxy-fenn 

*y h&£*)±Z\,-¥y Hk«r»*.«IElt«*©i--«X 

<z>f rx hfcov^itrfs^3<D^s#©&tmiB^4o*!i 

[M^ffl 4] Huia^RftUt U^lfRft 

[3**^1 6] ^rlEffiRftj»^UT«lfc2^RR^±JC 
[sS^l 7] gljfl&mRftlft^ ItOEFllC^^il 



Vfffi 2003 — 25582 1 



[0 0 0 1 1 
[000 2] 

[ftHSOttfm MRMlVHtj:,. N.Koblitz, V.S.Mille 

[ooo3] tfm&mm^c&vzm&mK. 

X3=B ( (y 2 -yi) / (xa-xi) ) '-A-x.-jc* 
y*= ( (ya-yi) / (x*-xi) ) (xi-xO -y. 

By'=x 3 +Ax 2 +x 

[0 0 0 6] ftW&m±e>&<o2feW.tt:fc<D£ 
[0007] tlRft^JioBitfi:*f^j®o^<7)ffl|itt 

[0 00 8] «R ft&tff^tC^SI^ VT-r&v&m 

as 

3Cfikl ' J. Coron, Resistance against Differential P 
ower Analysis for Elliptic Curve Cryptosystems, Cr 
yptographic Hardware and Embedded Systems: Proceed 
ings of CHES* 99, LNCS 1717, Springer-Verlag, (199 
9) pp. 292-302. 

[ooo9] £ fcvz^&mn?? *i>c* *r v masiftzti 

5o 



6 0 MRAH±0Kt^ftNH&ri. fltRftllLhOfc* 

[0004] tfm&m±<7>&£^ ftnMk<oi&mim 
♦tRAH±^j5fe tommm frfemztiz* zlx 

[0 00 5] fgR &m±<D 2 &<Dlmmnfc<0 i^CLT 

*rV=Ot yaWRMO««CC^ *(x..y,)*jft(» i y 
a) O^JP^ (X3, y 3 ) = (xi. y,) + (xi, y 2 ) Ji, 

(SSI) 

0*3) 

[0 0 10] +tRftj^Bt-i-{C^-r^7^~/P h**is 
;££K2 : I. Biehl, B.Meyer, V.Mueller, Differential 
Fault Attacks on Elliptic Curve Cryptosystems, Adv 
ances in Cryptology CRYPTO 2000, LNCS 1880, Spring 
er-Verlag, (2000) pp. 131-146. 

[0 0 11] «Rftj|»l«WC*5V>TW:, 

[0 0 12] ^R*jg|fft^cm-a^-r K^-yjM'** 

;££fc3 : K. Okeya, K. Sakurai, Power Analysis Breaks 
Elliptic Curve Cryptosystems even Secure Against t 
he Timing Attack, Progress in Cryptology - IND0CRY 
PT 2000, LNCS 1977, Springer-Verlag, (2000), pp.17 
8-190. 

[0 0 13] ^>=f* U&^Rte^^ffiV>TtT9ltRtt 

m±<Dx*7-m&rmc&\,*x, *it>tiizftn&m± 

[0 0 14] 

© t xizmFFmn \z*ff 5 sw^sno ft #> 
5 frtb&&&&m*>m&&&mm-fz zt&xzzco 
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[0 0 15] ±iS&flftt* ^ K^^^^SrteC* 
[0 0 16] K^t^^WV 
[0 0 17] #«9J*>ii&OBfi<Jtt, ±t&mR*^^ 
[0 0 18] 

[SRS«:»*t-Sfc«)0^a] tfRl&iiiSSJ? 
jfttl»«^*7H»M*ifeTfcot, WP3AMLh 

^r^i, *#7 — IttOtfy hOl^t5l3<^ 
[0 0 19] 

[0 0 20] Bltt, M7-^142idJ:oT^^ 

[0 0 2 1 ] 1 CQgf-^ilff ->^^AtCjo(t6^>e^ 
-*A101-?* jy-fe— S*Z>Bfr#{fc£fif P.+k(aQ) 

ott#fkS:fT9<c«t, SHg«a&tjqcOJ:9-a(kO)*tf)8[ 
U 

(P.+k(aQ))-a(kQ) (^4) 
[0 0 2 2] *y h^7 — ^142{CI1, P.+k(aQ),kQO<?*i£ 



(0 0 2 3]ii(;^^ a^fcTa. — *A101tt, c 
PVilZ^-^a^y^UAtt^iDmMmm. RAMIO 
3. ROM106^gBIStt^ai07/iif^lSt&^g, =V 

09, ^inflattK*oR^«$K««^^jftK$ttrv^ 

[ 0 0 2 4 ] — * A10UL RAM103, R 

OM106^*8BiEtM£Bl07fc ^0|2tg^g(C J: o TIE* 
SB102&3^U CPUllS^T'nir y^ll4#^*II 
*KB^IE««102«C»JW^ ttfc^ a ^7 

10211, £&103 (fi»Jx.«4tRftl|(0^g|^|tRftjS|J: 

[0 0 2 5] 3Vlfa- *B12H1. =i>-t:"^-— ^ A101 

B 12111, RAM103, ROM106^«JfE«^fil07/ir^ 
©!E1^fitCJ:oTlB«&l22&|SmU CPUll3^n 
7 a -fc y HM i4fc ^<0«»^«d5IE«SS122tC»jtt £ 

[0 0 2 6] 7 s —* togg&132li, *HJ6^»C*at^T 
V^^>m^rXl4l<om^it^rf0o ffiFtf*SB135 

ia«SBi22Hu ^124 (0»jx^r& 

[00 2 7] 12li, =>>\?ol — ? AlOKOfrtQM&EL 
^>o =^fc* ^ — ^ AlOl^. AXZixti* y-fe — 5; 

211, Am^-r^^7ai-^110$r^tT¥^:OA7J^ 
■fe— i ^204«r^«t^5t, A7J^tLAc¥^C^ yir-^co 
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Wffl2 0 0 3 — 2 5 5 8 3 1 



[0028] m^r— *mmmi2i^ ^t-^e 

By.^Xi'W+x, (^5) 

TfEit^l02^i^$nT^6^104^^^ai L/t 

SL&ki: =7— fgffgSflll5— i£5 (JI_2_ (73206) e 

[0 0 2 9] ^^7- fgffligi5ll5te. Q^xJ^fl, v m.m 
<7>m, ^kiCj:6X^7-^(x„,ya 1 )=kQ^. &m 

x.j=B ( (ydi-yi) / (xdi-xi) ) J -A-Xi-Xd>, 

[0031] =x^t°^— ^Aioui, *w±m&\\2x 

fctfj;^ y-fe— ^209£*&^3:T-5 e =* ^fcTa. — * A101 
tt> ^<fc£*Lfctt77P< y-fe— : ^209£rx — ^141 <h It 
AttiTM — ^110£9£±i7JU -*yhl7 — 4M42 

£^ UX =i >- B 121^^-T 6 e 
[0 03 2] ^M2. ^fatt^S102^^<Off $8^tfj L 

[0 0 3 3] ^Bi2iis«f-§^l:S*Lfcy 

^3^5132. ^^^-ff^^ll55rX^7-f*tf^gBi3 

5, !Eti§i5io2^ieti^i22^^#^6 i b^i:-rao * 

[0 0 3 4] ^—^^135132^ AttW-f 
^110^LXfff#{b^iX^T ? -^141(M2.COA^^ y 
-fc-^204) ^A7j£ix5<!:, A^^-ttfcPf^k^ttfc 

xn=B ( (y.i+y<o) / (x.j-x^j) ) 2 -A-x.-x«o 

<5xn£rf#6 0 

[0 0 3 9] ayfa- *B12lf*. * ^SSl5132"e 
[0 0 4 0] WCaVtfa — *Bl21d^a^{fc«y®£fT 
^302. ^PH[^303, 2f£3f^304 > tTy hfl^Si5305, 



7 s — ^^=^112^6 ([gl 2 CP208K ^ Lff-gf 
^5112^5 (N^O207) o t"-^^iS^112^ n 
^.-C*>n^fEti^l02iC^$ixrv>5 ^104^^0? 

awtau ism'AMmskQcoxmM. ymmnmtzLm. 

t 7-{gffHS&115^|£ ((212^206). 
[0 0 3 0] x-^&S^mtt:. ^7J7-^ff^[^115 

(Dtfm&mCi\,^XlL P.+k(aQ)<tkQ£§fg-t-£ 0 -ft* 
<s£6) 

[0 0 3 5] T—*l4l<D}?y bPUzX-DXmZrLZgC 

m*xmm^h^ffiwmm±(Dymm<Dm&nn-tz 0 m 

"Urik&thti* y±— ^,,x^^5/ hFlX&>K>, 

By e , J =x.i a +Ax. 1 J +x.i (5£8) 

(fcfcU B, Af«*ve*U£&X 

[0 0 3 6] ^-^^^132^, IEtt^l22IC^^n 

xmm. yM^^iKx^y.,)^. x*9—fe§tnm 

35^^5(|g}2(^206)» 
[00 3 7] ^77 7~^ff^l35^.xM^ yM^CD 
W&ffi&USfrh**?— fg^(x <0 ,y fi )=a(x^, 

^^-^^^132^5 (a2.^207) o ^ 
[0 0 3 8] ^Jx^Pf^-fb^nfc^ ^t-^HXo 

<D\?y vnxtb*) . v m<Dtfm&&<Dm'&iz. 

(P.+k (aQ) ) -a (kQ) = (x.i, y.,) - (x*, y<£1 ) 
«9) 

[004 1] B4 &tJ^ 5 frffll^T** 7— fefrgflS13 
$n^^P^Rftj|S±^*>5^^^J^i-6o ^ix 



(6) 



*SfW2 0 0 3 — 2 5 5 8 3 1 



^ft^Si^'te^-r y^524^^T< (401) e 
[0 0 4 2] :/401 T»fc-ttftfi\ 7>?M\&& 

•iciui^sns. afcrSr^u (402) % ,£p=<x, 

y) *lt^«f^*5V^T7 >^Aft$ttfc^SrP=(rx. ry, 
4X,Z.= (Xi+Z 1 ) 2 -(X,-Z,) 2 

XXXi+ZO'tt.-Z,) 1 

Za=(4X,Zi) ((X 1 -Z,) 2 +((A+2)/4) (4X.Z,)) 
"C&tK AI*S£& % X, f Zi i X»,Z.tt-t^*t^POXJffia. 

&PkX7 yy*405T&frti&2Pfrbtj:Z&<Dm(P, 2P) & 
uFl<DM.<Dm(nP, (m+l)P) <t LT (ml* g , .iEttS&122 
Iw-^ttfctMfrt" 5(406) e 
[0 0 4 4] & 9 jS U*U«B306(4, £ fEt6SU22 

X^,= [(X.-Z.) OU+Z-m) + (X.+Z.) (X~,-Z.m)] 2 , 
Z^,=x[(Xn-ZO (X^,+Z^,)-(X.+ZO 0U-Z-.)] 2 

^,X^, i Z^,tt^n-e^^unPOXM« % ZfflSI, ^(m+ 

4X^.= (X-+Z.) 2 -(X.-Z.) 2 
X*=(X.+Z.) 2 (X.-Z.) 2 

Z*=(4X3.) ((X--Z.) 2 +((A+2)/4) (4XA)) 

Z^ Z2.fi ^rtV-eiX^jnPCOXM^, ZM^ ,S2mPOXM 

ZMgf-C*>5 0 ^x^^415T^*!>Ac^2inP^X7 t 2 / 
^WtJftaf)^ (2m+l) Prt> b # <5 ,&<^*&<2mP, (2m+l) P) 
3%6<DiS&(mP, (m+l)P)£atifc;t, mK2m£ftAU 
•y:/411^M£ (416) o 

?G~i=[(X.-Z.) (X^+Z.,,) + (X.+Z.) (X-.,-Z^,)] 2 , 
Z^,=x [ (X.-ZJ OU.+Z...) - (X.+Z.) (X^,-Z^.) ] 2 

[004 9] 2f|»»304tt, ltJ^JffiaT*$iXfc^<0 
4X~.Z-i= (X^.+Z-,) - (X^.-Z~i) 2 
X^ 2 =(X„,+Z^i) 2 (X^,-Z^ l ) 2 



ft (403) 0 *ic**nc»j(Hii*ftA-*-5 (40 



r)ti 
4) . 

[0 0 4 3] 2ffiF»ffl5304tt, 7 Mt£kltlMP<D 2 
te,62P£r, ^>-^ y^tgR^lftOltj^^fCjofta 2 
ffiJtO&St&fflV^Tfff-lH-S (405) o 

(5tl 0) 
(«11) 

(*;i 2) 

-ftL*a>ofc»£rt:, '£&I£lii*D£i+/<5 (412) Q 
¥y Sffi*J^Si3305f+. x ^^7 7— MdCDI#@ O f >y h <7) 

W&ovto z an s fr&mfe u ot fcfttf ^ y y ^4 

14—, lT*>ilfl-X7 t y^417^ff< (413) o 

[0 0 4 5] Xxy^413TtT^ hcO^O-C$>ofc^§ 

£\ ^P»fflJ303tt, ^^tC«fc!9^$Hfc^«a(mP, 

(D^OPj^^^ir^^OP^P^LmP+^OP^r. 

Mt £ tLX V >fcV >^P= (x; y) Ltm \ £ (2m+ 1) P 

(414) 0 C*U2 % 
(5U 3) 

«1 4) 

[0 0 4 6] 2^^30411, NI«[|-C«$nMO 
*&(mP, (nrn)P)*>e>J^©2f&J|2(ntf)£frV\ ,£2mP£rfr 

^-ra (415) 0 ztuz, 

<5£l 5) 
(3*1 6) 
«17) 

[0 0 4 7] ^^^^413TtT^ hOU^lT^o^li 

(m+1) P) ^mP £ ^ (m+1) P^^n^mP+ (m+1) P£ 7 >- ^ A 

ffc $ nTV ^^V\^P= (x, y) &mm UTfTV M (2nH-i)P«r 

tf^-fS (417) 0 

[0 0 4 8] CtUi, 
«18) 

«1 9) 

m (mP, (nr+l) P) h & (m+1) PcO 2 fg^2 ( (m+1) P) $rfTV \ 

^(2m+2)P^ff^-ra (418) 0 ZtllL 
(5S2 0) 

(SC2 1) 



Z^^ (4X^,) ( (X-..-Z.0 2 + ( (A+2) /4) (4X^,Z^.) ) (^2 2) 



-1, Z^ lf X**. Z^ 2 fi^rix^+L^(m+1)PC0XM^, ZM 

*(2m+2)POXM^. ZMBTfcSo ^^y^417T* 
fc^L (2m+l) P t ^ 7" :/418-C3fctf>£,£ (2m+2) Pfr h tt 
<2m+l)P, (2m+2)P)$r, ^OmOnP, (m+l)P)<tg 
#^^L, m{C2m+l^rftAU. ^^^^411—^5 (41 

9) 0 dd-c^^^^4i7-4i9ii, ii^or/w=ry XA 

<h fi^^ 9 , J^T 1 y ^414-^416^1^— agiJ^aW^rtTo 
[0 0 5 0] 77 y^411-e^^Ii:X^7 7— fild^lfix 



mi&'&yt-t* (521) 0 YJffi«ttt5E^«fetcov^Ttt, 
3tift4 : K. Okeya, K. Sakurai, Efficient Elliptic Cur 
ve Cryptosystems from a Scalar Multiplication Algo 
rithm with Recovery of the y-Coordinate ona Montgo 
mery-Form Elliptic Curve, Cryptographic Hardware a 
nd Embedded Systems: Proceedings of CHES 2001, LNC 
S 2162, Springer-Verlag, (2001) pp. 126-141. 

[0051] mmxw&niz&zoi^ Mj&tmw&m 



(7) 
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y 7*523-^ iffifc£fcl*i§£>li*^ <;/ ^524— < (52 
2) 0 *7 t y:/522TWfc-t-»£\ »1*MIT«£*L*:£ 
(7>*R (mP, (m+l) P) j5» ^M^-e^ $ nfc,£mP= (X., Y., 

z.)^^*? -ffj^dp i l Tta-f-fttesfc 132— aa^-r 5 

(523) o 

[0 0 5 2] ^f^^Oirl/b^f^^ fcKtt 

^7 t ^^522-e*fc$>fcv^i&^ % r>FiEj £:;^-r{l-s§-£ 

ttWkft ! 3lf|J132^tfiyj-t-« (524) e 
[0 0 5 3] fe&dP&TzrsOmm^^ 

[0 0 5 4] ^fcifa^MItCct n**#^-Hfidtt:fcr 

dPd5fh^L-ctTV>5wi:(c/ < c5o 
[0 0 5 5] /jT*5^*9— ©tf»«IS135|CA^$tt5fll 

[0 0 5 6] ±SE^ri£tt, K^^^/v^(c*f-T5 

W^fy^^TV^o ^yT^M&O^T^;/ 7*417 
n?>?J*{k£tlX\*^&*&P&m^&&* ^y 7*414 

nfc^unPXVOn+DP^, 7^i*{fc£;ftTv>frv\&P < *: 
£/8V>T, ^^fTV\^(2m+l)P^ff^-r^ 0 * 7^7*4 
02O3L^fiKTSU©M^^$*L, XT y 7403X7 >- 

TfXT ^^417TO^jnP^^(m+l)P<7>M^(^^>S^ 

9, ■ ; ei^^(7)M^fflv^Tfi■^^t^a^(2IlH-l)P(Z>M^<o 
fittm^6o "f^fr^, IPIC^^^-Md&t^^iPSr^x. 
tt, ^OfP^(2ni+l)PCOM^(7)^^{t-t--5o 

[0 0 5 7] ^^(CX^^^lST^f y hCD^nM 

[0058] z(D%tn?rm*nm-fzma^ xryzf 

[0 0 5 9] &L±<om9, ±«ll«>t*-»*«fett. 

[0 0 6 0] *fcJ:ie;fr&l*. 7t-/Uh»*l^t5 

6 e f&tfj¥if5202fcA^$n5fflP3ft*Ji 
©^Piur^jE««fiw*^e>*tfctr-5t, ^^4 



01 iciot ^T,£P^*f R ftjSlo^gg^W 3 ) $ fci * 
<b#J££ix, ^^>^mxx^7 p 524-C T^iEj sra^j-r 

[00 6 1] 7*402-4 19^,£mPt> L< te(m+l)P<£> 

y 7*41 1 -Cj&nP feL< j£ (m+l) PtfHKdS* jE £ ft £ e ^ 
7>y^411t?^t)U<tt^(nrfl)PO«^iE-e*>9. I 

£\ t<0&LlZ< yJ , 4llXi>&jaPi>l^< f*/£(m+l) 

P^fiSt^FiEir/cCSo ^^^^llT-^mPOM^^IE-Cfe 

£\ ^^^^522T < ^nP^^7jg^;(^:3)?r^/5:^^ 

v^fJ^^n, x 7^7*524-? r^iEj &mti-fz>o 4 

^Ji^^^7 P 411-C^jnP(7>^iEb< . ^(m+i)PW . 

«tft5c^rfTP 0 j e<?>^A(m+l)Pc^^iSrffiv>ao-C, 

7 p 522-c,^mPii^^e^:(^: 3 ) &mti £ fcl^ £ W£ £ 
*u ^7^^^524-e r^iEj ^ad^-r^o 

[0 0 6 2] ^miC.^P^ LTiELV^^A^^n, tf 
^^^WCiEUV^-Cfcofcii^, X-7 L ^7 P 522-C,#jnP 

i*5afcfr§a;<5$; 3 ) 

[0 0 6 3] £JLbtf>iI*K ±WRlOfW*ffil4, y* 

[00 64] te&mi<nm>%%m^tefiiF)$imk u-c, 

^£ftfc^RM!|£^Tt> <fcV>U OE F (Optimal E 
xtension Field) ±T*7£m£tltztfm &m*m\ h & 

^tSfe5 : D. V.Bailey, C. Paar, Optimal Extension Fiel 
ds for Fast Arithmeticin Public-Key Algorithms, Ad 
vances in Cryptology CRYPTO '98, LNCS 1462, Sprin 
ger-Verlag, (1998), pp. 472-485. 

[0 0 6 5] J^Lfc, 3>t 8 ^ — ^Bl21t)m^it^ntz 
[0 0 6 6] aytfa- *A101<£>X7J 



(8) 



WB2 0 0 3 — 2 5 5 8 3 1 



So' 1 

[0 0 6 7] &tcf*16 frJUl^T. *#7HfcffJISB135 
^Utr-y hgLW^^Hi&d&U^evrf* y SHIR ft* 

±©£P2&»e>. *^^ya*iiniaiiHc:i3it5^*9— 

$ 0 Ht*tfyhftitt, *#7HHdOftitt£JxT 
[0 0 6 8] Z<Djj&T'te, W*X7y7k1Afr&vm 

t 7— mnzfrfrtth-r— etc** x o \zmf& u 

[00 6 9] ^— fiFtMtffiMS**?*— ^Aa^SP132^ 
m°tZ (601) . 3Qfe#g5CTJj£S|S307M: % Art£*Lfc^ 

,&p^tt r <5t 3 ) Srsafc-t-a^ ? **-c^J5t 

*T*y7%\7^ft< (602) 0 7 V^A{b£&302l4, A ^ 
*ttfctSRftj»_bO^P<07>'^A{k^tT5 0 1~ftfc>*> 

a»r«:^u (603) , 7>?Mk\^it&?*to&mM 

K^oWC, (rx,ry,r)<t^-r (604) 0 

[0 0 7 0] Jfcfcfll Rft*±O^^To.o, Tm, T,.o, T 
MOtOWkSrff ?o TcolCfS^-r y ^604T^ ^Affc 
£*lfc,&P£, T,..|Ci4T..o£, To.,(^li^7 i >y7 P 604-C 
7y^ft^il^P0 2^2P^, Ti.ilCI4To. i£r>, 

fUUctt, yi!»Rftj||©^ffi«»c*5*t5 2 

te»C04*5$ (S;iO, 5£l 1> ^12) $rffiV>Tff^L-r 
^ (605) 0 

[0 0 7 1] ^K^stc^teo^ftA-t-S (606) 0 
**ilc«J»!«L-l«r«Ai-6 (607) 0 *9fiUWJ£$B3 

<Z>££f4*7^:/609^ , 0*»O^#I4^^j/^614^ 
*T< (608) 0 fflRftit»±<^5F3tjfeTfC^T*«*ftA-r 
5(609) o d»f4, J*7J^ — iitd$:d=£dj2 J ,djed{0, I}, j 

3£2(T)£frl\ jteTfcjftT^ifcflH^* (610) 0 ApflC 
= (x, y) £ ffi V ^ ?T V * , * <D*£m £ /ST. w , lift jW"*- 5 

(611) e ^(csJrdi^^ifeSfpSrt^, -e^&i^sK 

(612) . &lC£&i£l3&J>£-£6 (613) 0 
[0 0 7 2] ^Xi/^608-Ci<0(7>^ x YJ^^7C^5308 
14, ^T ft0 Xt5^T...OYJS«!ISr«7C-*-5 (614) 0 Ygg 



V > ^ 14 * ^ y :/6 1 7^f? < (615) 0 ^Ty^6\5Vt 

f£.£dP£ LT«#ffc#yMB132^ (616) 0 :c 

fcJM^Uv'a h^^M«Rft«Hc*3it-5M«l(c3E*L 

L < 14* 7- y ^615-CV ^-ffrfr— fitm-ft tS #1r 
r^FiEj £^m^£^-*^g^l32^£t|;fj-r6 (61 
7) o 

[00 7 3] /i*5^*7-fgPH-*SlJ202JCA^^ix5» 
^zn/Vv^ h^^M^P3ft*JiO^Tfcor^4V\ 

y^RftlSJKO^tC^tftLTfflV^tf ctV\ 
[0 0 7 4] ±3E*2<atfJ«7 2fc<k, t-<Kft*^* 

"9 r^>6o ^^"2x^604^*51^7 V^AfbU/c^P^r^ 

A{b^i^TV^«fV^^P^V^$25^ ^7^^^611-014, 7 

v y $ n^c^p^- e> mm z thft&mxt&j* ™ t 

7V^A{t$ixT^V\^P^^V>TT+To^?rff^-r 
5p ^^y7^03oa«fc^-C33Uo«[is^$ix, 

2/^604-c^ v^Aft^nfc^poffiaiw^sa^nrtr, 
^^y^eiiT^mOT^.-di^M^co^M^^, ^ 

<D?z_XT y ^608— X ^ ^6130^ «9 LHJ^l4dco 

try «.-fL®i*<5fc«>, dotr^K 

[0 0 7 5] /^*5^X^^606(CioV>T, stdtf^hdt-, 
^rf^AU, ^7 i y^607fc*3V>T, I{CL-2$:ftAUT^ 
4V\, ^njC4«9^7J^— •fitd^^^rfcry hdt-.^UT 
*>S«^tC^5-»JI^*^L^V^ 0 -f-#fc>*>, s=0, i 
=L-1 C0^(C^yoTV>Ac^> ^^608—613(75^^(7)^19 

[oo7 6] &ji<omr>. JiSso»2^tf)¥^&tt, * 

[0 0 7 7] *fc±IElR2^tf*^«fet>. 7*-/Uhft 
^S^-Cfe^o *-f^*7— »H-»SB202*cA^$ix6« 



(9) 



ftM2 0 0 2--2 5 5 



[0 0 7 8] ^{Cff^^(^fR^J:(0^1cO^<DM 

^it^o :OCi^t 9 ^7^^^603-613-0^10.0, T 
o.., T,.o, TuOV >-f tL^^cofit^^IE^IiltC^o tz t -t 
6o -^CO^, &{;l< a^^^^608T^To.o, To.,, T 

^To.o, To.., T..o, 1i.iCO\<^T}Xfr<n{&fr^lEX&> 

^T^^{-< 5^7 i y^608'Ct^To.o, To.,, T 
,.o, TMO^-fft^cOtftk^E^fta, ^^2/^608T 
^To.o7!^^^T,.o(0»^iE-rfc "9 , I <b 7— <I 
<K¥y hmm^^tnfetStlZm^, ^yyei5X 
^To.o7!rSft^T,o^^^^:(^: 3 ) &mtz £ fcV ^ 

^7^^^608-0^0.0, T,.o, T,.,^ii355iEL< . ,&T 
o.,cOii^^iE-C$)i9. I£x#7 — HtcD^ 3/ F fitful, 
V>i^^ix6^{wO^T#^-r-5 0 X 7^7*614-? 

<ox. &K£tLfzmm<nmittiEti:mktez> 0 

o T^x y ^615-C^To.ofi^^m^:(^; 3 ) £^ Ac £ 
Xx^^608T^To,o, To.,, T l .o<Dm&iEV< , 

[0 0 7 9] S^lC^i: LTJELV^^A^I^iX, ff 

[0080] zi±(D®<9, ±mm2<D^n^m^ 

[oosi] f£&m2<D%{nxmxtemFL&mb ut, 
-e^rfy vm&m&m&m<,*tzi)K m^2<D^mw±^ 

^£nfctftR&3i£/f^-Ct>J:^U O E F (Optimal E 
xtension Field) ±j£&£ itfcjf R ft/® SrJB V^T t> <£ 

[0 0 8 2] acJC**^****^^^^^*^-*-^ 
WcoV^EI 7 £ 1 2 £^Tfftg3-t-5» jg 7 <7>m&tii 
lEV^^AIi, x^- — K701iS^*ffi«i3gS:tT 
5 ^Vt^-^721^^^ 

[0 0 8 3] J*-r-h;*7— K701«t, iiatii^^ 
fc'^-*A^10l£^{£^/&£lI;i, CPU713 j ^37 p d 

H*<S«4j5feftiaa5712S:ll^-5o *fc*gBlEt§{l£ 
7*^*:/W.;fe3J:tf*— K&ffi&ftv*. 

[0 0 8 4] a^tfa — *721«\ 3 ^ fc*^ — ^ B 121 £ 



i^«^«fifeS:fltx.5*^ lStt^722{c^^n5^ , n^ 

32^Hm-T6o 
[0 0 8 5] ^^7 7— f^ffl[^715<!r735fi, 

-f&tf*«l 15* fc|*135 <b l^$<Z>fig£&&ffi x. 

fe3SSBH2SrS*^J5fetoSeiJ7l2, x# ^-trU^HS* 
fffff»tt715, ffi«tol02£fEfS&702<k&;fc# 
x^t(0<h-r^o *fc##205^tt<&M«ttfcv\, 

8E«i3gaJ732. tf*gS115S:^*7-f&ff-J¥SC73 
5. I5tt^l02$rf£tt^722ii!^#x.6t>^^-r6o 

[0 0 8 6] =i>-tf 3. — *72U4 % ^^yj^icmAstz&i 
H^T^^r U V^n— K743t tt, 7 ai-;*742£ 

^tt^v- H^7- K70Hd*&£ihSo *«^ftya*|J7 
1214, 7^-f K743^rA^?^ y±—i/2Q4k IT 

«B712tt, ft*u£dly£U f5tt£g702 (H 2 <O203) 

£ nrv^ a £&704?^ e l ((D2co205)^RaM 

-hO^Q<Jr t ^^^^7—^^715(1^2 0202)-^ 
iH-5(M2.C0206) 0 
[0 0 8 7] ^*7- fgF^$B715tt % ZeTj&Q, Sl^uiC 

-f&^*»*^«lS»712^S(E2.©208) o 
^3S$B712tt, iz^ibn^* 7 - ^^r^v^T¥^0 
^SrtTPo ^ffECDSAfiST&jltf, 
s = xu mod q (^2 3) 

t = u l (f+ds) mod q (5£2 4) 

Srtf Cirici^t^^^^^ K743(c^-Ta 
(s, t)Sr#5o 

[0 08 8] :;tqttM«, -f #fr^.6Q<Dq 
^qQ^M^iS^{C/^l9 , q< fc 9/h$^«Dn(i*f-re^ 

uu" =lmod qi:^51fcT*>5o *fcdtt8WB«S:^^ 

[0 0 8 9] ECDSAl^Co^TIl 
^C^6 : ANSI X9.62 Public Key Cryptography for the 

Financial Services Industry, The Elliptic Curve D 
igital Signature Algorithm (ECDSA), (1998) 

[0 0 9 0] h#— K70U4, V^^JAWSW^ 

Tf^U/t^741?:Att}^JW>'^7^-^710J: 
^ y-fe— ^209i: LTtrJ^L, ^ 7^-^742^^ L 
T=i^t"aL-^721^^|-r6o ^>t 0 ^-^721<7)^& 
«aEfiLa«B732tt, S^fe 74 1 ^ A 7J ^ 6 ( 1 2 <P204) 

m%74i<v&ms,t*mw£mmfti-t£tiibi£s, t< 



(10) 



tfrm 2 0 0 3 — 2 5 5 8 3 1 



r&#jj £tib;>7U h*- K70i£JE*frf-5. ft 

ills, tdsjifEflfflrtlcfciitf, ¥^^£E«tSlfB732ti, 
h = t~' mod q (^2 5) 

hi = fh mod q (^C2 6) 

hi = sh mod q (^2 7) 

d»&«*tf» Lfc 2 <P205) ^M«aO&^^0 1 fW U 
fch,, 7HMfJM&735*M£* (M2.^>206) o 

[0 0 9 1] *#7H&MMB735f±, ^Q^hitCcfcS 
* # 7 ~-{£-6hiQ <h , AfflmaQ t^zXZ^Jj? |&£h 
iaQ£Srff-j?U lf»Snfc^*9H»jfe«r*B»lE*a 
JMSB732-& 5 ®_2<£>208) 0 

[0 0 9 2] 5£fc|£«yi£B732ra:, iglbixfc;*;* 7 — 
R=hiQ+h,aQ (^2 8) 
s' = xi mod q (^2 9) 

K701&S5EU gftAna, s^s-Cfcl-mi* Tte^jj 
[0 0 9 3] ±l£|ll6^«g<D^*7-ffiFtf3ISP715. 735 

i*, h_l©^*9— fSfWwiissfcttissiRiai©** 

K70ltt»45ffj««l«rtr5Wc % =*>f~-*72i 

[0 0 9 4] &fcl«HMK*S'*^A«C»l!-r*tt 
JGft^JE&jp-CtS. HiO^*— ^«a«S112, 132«U *H 

BmUlfc.oTfiT 5 — **&JlSB112£'7 f — *r»a&S132. 

tfJI«115*r^*7H»H««135, IE«SB102 
SriE««122^^#^.6'bOt-t-'5 0 ifc^y^ 
— ^AlOU 3^fa- ^Bl2HC*5V>T^F#205-ett^ 

[00 9.51 a^tfa — 121tf>^— ^^[1^13211. 
IE«»1220|K*ttf «125d* P>«Hg«b*SK^tti Lnyt" 
* — * B !21(0^«ibQSrff^[-r5 ft IT^ y h V — 
^142£^LT^PIS&>Q£^-- *i43£ lt^>fa-^ 

[0 0 9 6] ^yta- * A101<7>^— **Q.33BU2tt, 

04£ LTgl*tttt*£, 7*— **!Uittll2M:, Sa«$U102 
Lfc(M2.^>205)fi5*W«105-Cfc-5 = > f~ 



— *A101tf>fiW&»i£, = — *Bl21tf>4>M«bQ 

«tt*SBll5^afe6(N2.O206). 
[0 0 9 7] **9~»H*ttll5tt. WMfo^^ntt 
bQlcJtS*#?H*£abQ«|-*U lf»$ixfc^*9 
H£,6&X — ^ftySttU2^« (1L2<D208) 0 "7*— 

[0 0 9 8] &(C=ivt 0 ^-*121;^ AjjZtltiT*— 

^■f-5o =i^t 8 ^— ^aiokd^-^*!is^ii2^. mm 

^AI01<D^SiaQ^ff^-f-6o ^LT^y h!7- ^142 
Srtf* LT^RHttaQ&T*— * 141 £ It =i V fc"^ — * B 121 

[0 0 9 9] nVt 0 ^ — ^Bl21<D-7^— *ftyig|S132tt=i 
^tTa — * AlOlO^&^aQOATJ^ATJ^ y±—i?204 
t LTgtttttt6<*:, t*— **yi»132li, !Eti^l22CD 

eH6f»ai25^?>iK^tfiufc=i vf^-^Bi2Ko^?5i 

b£, ^Vf^-^AlOl^^^aQ^^^^^— flJtfH 
ggl35^6(lg)2(D206). 

[oiooi ^*7-f&tf»sui35tt. w&mbt'&mm 

aQ«C*5;*#7^£baQSrff»U ff*£;h,fc;*# 7 
— f&^&5^*#yg$IS132^i£5 (H2O208)„ 
[0 10 1] *&3g*Bl32f*. xkhiMZXUy—fe 

&&m^x&&m&<Dmm&?fi<\ tatt^i22tc^tt 

*125£ LTflMft-t-a. Wfctf;**^— te/£baQ^xffi« 
«r*^-*«^-r* 8 w wTftab<hftbaliftM<b LT^C 

[0 10 2] hy — *142fcltt, ^aQ^r^bQ^^ff . 
$4X5^, jSabQ(t> U< tt^LbaQ)S:H-»-f-5^«:SHfi« 
at L< tt|JH6«bS:fflV^lttLtf3fcP>>fcV\ -f-^^^U 
?&«a'bU<f4IK««)S:*Pe>^»tttli. atfrtiMR&ft* 

[0 10 3] #H»B»c*3V*Tt>. »fWIB 
115, l35tt±ie<D«F«Sr{jB^.6<o-c *M K^-y^/w^c 

[0 10 4] *fc±lEttW^*J»t5Hff#{bfttaSC, ^-i- 

[0105] ^fcx-^^sgptt, _hiartp#fkte3i, « 
tyttms m*v?MQM. m&mt%m, m&wm& 

[0 10 6] 
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[Mill »i3W««)^*^H»W-»^r«fe**-*-7o- 



101, 121, 721 : ^yta^, 701 : X^— — h\ 
115, 135, 715, 735 : ^^7- ffftfUSB, 112:7*-* 
^S^5> 132 : GLfHtiQMM. 712 : W^^MU, 73 
2 : 104, 124, 704, 724 : Jfifc 105, 

125, 705, 725 : f8&1f$8, 301 : 
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RAM 
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me ] 
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[ 17 ] 
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